tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From John Turner <>
Subject Re: Tomcat not working behind a NAT?
Date Thu, 24 Jul 2003 20:00:00 GMT

Made sense to me. :)


Eric J. Pinnell wrote:

> Hi,
> I was unaware that tomcat connects to itself on a high port.  Never the
> less, Tomcat should be completely unaware of the address.  If
> your NAT is totally transparent the only place that IP lives is on the
> external interface of your firewall/NAT device.  I don't see how that IP
> could sneak back there.
> Unless, and I'm going to guess here, your application is looking at the
> URI of the request and doing something with it.  In that case you should
> use IP numbers and have internal vs. external DNS (or /etc/hosts) set up
> with the different IP numbers (one for the inside value and one with the
> 10.x.x.x inside value).  So that way if it tries to connect to the same
> URI that was in the request it will get the right 10.x.x.x IP number.
> I don't know if that helped or not.
> -e
> On Thu, 24 Jul 2003, Erin Dalzell wrote:
>>Hi there,
>>We have just discovered that our tomcat web app is not working correctly
>>behind a NAT. Our actual web app works fine, but when we try to access our
>>management pages via http. It doesn't work. Any static pages are served up
>>correctly through our defined tomcat port (6300), but any dynamic content
>>(to several different servlets) don't work.
>>When we run a sniffer, it looks like tomcat tries to communicate with itself
>>on a very high (and random) port. For example, if our tomcat is accessible
>>locally as and externally as and we access from
>>withing our network (10.10.x.x) everything works fine and tomcat is able to
>>talk to itself on port 45000. But if I access it from an external site,
>>tomcat tries to communicate with itself on the address and the NAT
>>doesn't like it.
>>So, I have a few questions:
>>	1) why doesn't tomcat (we are using version 4) use localhost to
>>communicate with itself?
>>	2) anyone else seen this problem?
>>	3) can the high port be configured?
>>Erin Dalzell
>>eXpresso Product Specialist
>>Epic Data
>>This email and any attachments are intended only for use by the addressees
>>named in this email and may contain legally privileged and/or confidential
>>information.  If you are not the intended recipient of this email, you are
>>hereby notified that any use, dissemination, distribution or copying of this
>>e-mail or any attachments is strictly prohibited.  If you have received this
>>email in error, please immediately notify me by return email and by phone at
>>604-273-9146, permanently delete the original and any copy of this email and
>>any attachments from your systems and destroy any printouts of them.
> ---------------------------------------------------------------------
> To unsubscribe, e-mail:
> For additional commands, e-mail:

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message